However, if you prefer any other to give me a working example, no problem. :)

During these days I have collected a set of XSS payloads that are very interesting, however I'm unable to reproduce them and make the so wanted alert box appear. Can you please take a look at them and let me know why they are not working on my target test site?

Case #01:

/./iiin({}) // Chrome only

Ref.: http://sla.ckers.org/forum/read.php?2,29090,page=12

I tested with the latest version of Chrome and it doesn't work. Is it really possible to generate an alert box? Or is it just a test that does not produce anything useful?

However it doesn't work - I'm pretty sure that I'm missing something to make it work. I tested on the latest version of Chrome and Firefox on the test site with encoding, adding <script> tag, etc and nothing. Can someone please give me a working example? I guess there should be a generic way to test it such as we do with <script>alert(1)</script>, right?

Case #04:

Another very weird XSS payload, never worked in my tests with the environment previously described.

Is it real? Someone got it working? How? Can you please give me an example?

Case #05:

These payloads where you are in theory able to change the content-type and define it as UTF-7 and inject these payloads with unicode or even non-alpha. Some payloads that I found use <head> before meta tag, however, none of them work. I tried URL-encode, inject <script> tag before, etc. I think they are very, very specific or I'm missing something.

This one uses some kind of strange charset, never worked here as well. I have no idea about how to encode it because with URL-encode it doesn't work to produce an alert box.

“¼script¾alert(¢XSS¢)¼/script¾”

As I said at the beginning, please, feel free to test all of them on the test website (http://demo.testfire.net/search.aspx?txtSearch=InjectHere) and please, let me know if you were able to reproduce any of them. Also, if you prefer to use any other test site no problem. Maybe there is some requirement on the vulnerable script that is not present in this test site?

As you see I'm very curious about these strange and weird XSS, I would love to see them working, but I was unable myself, so I'm asking for your help, sla.ckers masters.

First of all, to gain a solid understanding of XSS I recommend http://lcamtuf.coredump.cx/tangled/ . I think that will help more than disconnected examples. But, since you asked, I'll try to answer from memory:

Case #01:
Look at the first page of the thread; this is a bypass of Gareth's JSReg sandbox. http://sla.ckers.org/forum/read.php?2,29090,page=1

Case #02 and #05 and #06:
These all require unusual encodings. As you notice, <meta> tags can be used to define encodings. However, encodings are normally defined in the HTTP response headers - use an intercepting proxy like Burp to see these. Headers generally take precedence over HTML, so a <meta> encoding tag may be overridden by a header.

I'm not the right person to answer #03 and #04.

Many of the weirder vectors you see here will rely on browser peculiarities, which may change at any time.

For a maintained list of practically useful vectors, see http://html5sec.org/

Also relevant is http://shazzer.co.uk/home . The first tests created at the bottom of the list on http://shazzer.co.uk/vectors are particularly interesting.
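An added example, not part of any post in this thread: the header-versus-`<meta>` precedence described in the answer to Case #02, #05 and #06, written as a check a site owner can run over their own responses to see which declaration actually decides the encoding. The function names, the `RISKY` set and the sample responses are constructed for illustration, and the precedence is simplified to header, then `<meta>`, then browser guess.

```python
import re
from email.message import Message

# The HTML encoding prescan only inspects the first 1024 bytes of the body.
META_RE = re.compile(rb'<meta[^>]+charset\s*=\s*["\']?\s*([A-Za-z0-9_\-]+)', re.I)
RISKY = {"utf-7"}  # encoding named in the thread; extend per your own policy

def header_charset(content_type):
    """Return the lowercased charset parameter of a Content-Type value, or None."""
    if not content_type:
        return None
    msg = Message()
    msg["Content-Type"] = content_type
    return msg.get_content_charset()

def audit_charset(content_type, body):
    """Return (effective_charset, source, findings) for one HTTP response."""
    findings = []
    hdr = header_charset(content_type)
    m = META_RE.search(body[:1024])
    meta = m.group(1).decode("ascii").lower() if m else None
    if hdr:
        effective, source = hdr, "header"
        if meta and meta != hdr:
            findings.append(f"meta charset {meta!r} is overridden by header {hdr!r}")
    elif meta:
        effective, source = meta, "meta"
        findings.append("no charset in Content-Type; encoding comes from markup")
    else:
        effective, source = None, "sniffed"
        findings.append("no charset declared; the browser has to guess")
    if effective in RISKY:
        findings.append(f"effective charset {effective!r} should not be served")
    return effective, source, findings

if __name__ == "__main__":
    # Constructed sample responses (Content-Type header value, body bytes).
    samples = [
        ("text/html; charset=utf-8",
         b'<meta http-equiv="Content-Type" content="text/html; charset=UTF-7">'),
        ("text/html", b'<head><meta charset="UTF-7"></head>'),
        (None, b"<p>no declaration at all</p>"),
    ]
    for ctype, body in samples:
        print(ctype, "->", audit_charset(ctype, body))
```

A response that reports `source` as `"header"` is the case the answer describes: whatever charset a `<meta>` tag in the body names, the header's value is the one in effect.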

The other site (http://shazzer.co.uk/vectors) provides a lot of examples, but most of them do not look as exotic as the ones that I referenced. If you know other sites with a list of exotic XSS, please, let me know.